Facebook recently confirmed the big 2018 hack is worse than expected, and that the data of nearly 30 million users got stolen. If you’re wondering if your Facebook was hacked and what you should do next we have you covered. Actually, here are five things you should do right now.
On September 25th, Facebook found the breach, suggesting that attackers used a vulnerability in the “View As” feature, which allows you to view your profile the way others see it. Then, hackers stole account access tokens and user data.
Below we’ll explain what access tokens are, how you can find out if you’re affected and what steps to take right now.
- Facebook recently announced a security exploit that affects over 50 million users
- As a precautionary measure, 90 million users were automatically logged out of their account and have to log back in manually.
- Apparently, passwords were not affected.
- Update: On October 12th Facebook confirmed 30 million users data and information was stolen
If you were asked to log back into Facebook near the end of September, your account was probably hacked. The company automatically logged out around 90 million accounts last month. That includes in the app, website, and any third-party apps or services.
Read: How to Stop Facebook From Accessing Contacts, Call Logs & Texts
Just when we thought the news couldn’t get worse, on October 12th, 2018, Facebook lowered the hack number from 50 million users to 30 million. However, those 30 million users had data and personal information compromised. Including but not limited to extensive personal information, places you checked into, recent FB search results, viewing history, and even the city you live in. Additionally, the hackers accessed the names, contacts and other personal information of about 15 million of those 30 million accounts. A representative said hackers did not gain access to financial information, such as credit-card numbers.
At least the security team fixed the vulnerability already, so that’s a good start.
Facebook Hack: 5 Things to Do Right Now
This isn’t good news but the story is still developing and Facebook continues to investigate with the help of the FBI. That said, you can take steps right now to secure yourself and your account.
Step 1: Check If Your Data Was Stolen
Fortunately, the company has an easy way for Facebook users to quickly check and see if they’re impacted. You can see if your data was stolen by going to this Facebook Help Center link. That link gives you more information about the situation, and near the bottom will confirm that you have or have not been impacted by this security incident.
Step 2: Log Yourself Out Everywhere
As a precautionary measure, you can log out of Facebook everywhere. That means the app, website, browsers, third-party services, add-ons and more. Log out of everything, change your password, and start over. We’re recommending everyone do this right away.
Go to the Facebook Login & security section in settings. This will list any place or service where you’re logged into the social network. Basically, where those access tokens are being used. You can log out one at a time, or the company even offers a one-click option to log out of them all at once. Look through the list and see if any suspicious logins took place.
Furthermore, tap on “Apps & Websites” in this same security settings menu. Here, you’ll find a list of every app that can log in using Facebook. We recommend signing out every one of those too. New reports confirm the Facebook vulnerability potentially gave hackers access to 3rd party app sign-ins like Instagram, WhatsApp, Tinder, games and more. That’s a lot of private information that could be available. So yes, sign out of any connected app or service and then change your password ASAP.
Step 3: Change Your Password
Once you’ve checked for suspicious log-in attempts, signed out everywhere, and done a few other things, you’ll want to immediately change your password. You can change your Facebook password by clicking here. While you’re at it choose something strong or difficult to guess, and maybe change your secret questions if possible.
At the same time, we recommend changing passwords on any and all sites that use the same password. This is a mistake millions of users make. Never use the same password that’s easy to remember, especially for every website. You should use a different password for each one for situations just like this.
Step 4: Use A Password Manager
Remembering a different password for the dozens of websites and services we use on a daily basis is no small task. Which is why we recommend a password manager like LastPass or 1Password. These combine unique passwords for every site, saves them, then generates one unique and secure password for you. One that is a mix of letters, numbers, words and more.
This is something millions of users should consider either way.
Step 5: Two-factor Authentication
While you’re already in the settings menu we highly recommend enabling two-factor authentication. This essentially adds a second layer of security to your account. That way whenever you try to login Facebook will send you an email, text message, or a similar type of communication. Meaning hackers can only get through one stage of the login process.
Here’s how to turn on two-factor authentication on Facebook. When you do this, you can even use an authenticator app for added security and privacy.
What Are Facebook Access Tokens?
Long story short, access tokens are unique strings of numbers used to identify individuals, apps or Pages on Facebook. They’re also something that third-party apps and services use to access your Facebook page and information. Basically, they are digital keys so you don’t have to re-enter your password every time you use the app.
The hackers accessed at least 30 million access tokens from Facebook user accounts. However, Facebook cleared (logged out) 90 million accounts that used the “View As” feature within the last year. The hackers then used those access tokens to log in to nearly 30 million accounts and make off with personal information, location data, contacts and more.
In closing, Facebook confirmed that this is an ongoing investigation and they’re still trying to better understand all the details and what all happened. So if they learn more or the facts change, they’ll update users. For now, the company didn’t say what motivated the hackers, but ruled out the belief that the hack was related to the November midterm elections — but of course, they’d say that.
In closing, use caution when it comes to your Facebook account, change your password, and use some stronger security measures if possible.
And if all else fails, just delete your Facebook account.